[tor-commits] [tor/master] Refactor connection_or_send_certs_cell() to use trunnel

Thu Nov 3 13:18:59 UTC 2016

commit 5205e95275266e1ceafc95ff608bff872a55ab81
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Mar 5 11:29:19 2015 +0100

    Refactor connection_or_send_certs_cell() to use trunnel
    
    We no longer generate certs cells by pasting the certs together one
    by one. Instead we use trunnel to generate them.
    
    Preliminary work for 19155 (send CERTS cell with ed certs)
---
 src/or/connection_or.c | 50 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 72d8e13..fc60e61 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2130,8 +2130,8 @@ connection_or_send_certs_cell(or_connection_t *conn)
   const uint8_t *link_encoded = NULL, *id_encoded = NULL;
   size_t link_len, id_len;
   var_cell_t *cell;
-  size_t cell_len;
-  ssize_t pos;
+
+  certs_cell_t *certs_cell = NULL;
 
   tor_assert(conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3);
 
@@ -2140,34 +2140,44 @@ connection_or_send_certs_cell(or_connection_t *conn)
   const int conn_in_server_mode = ! conn->handshake_state->started_here;
   if (tor_tls_get_my_certs(conn_in_server_mode, &link_cert, &id_cert) < 0)
     return -1;
+
+  certs_cell = certs_cell_new();
+
   tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);
   tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);
 
-  cell_len = 1 /* 1 byte: num certs in cell */ +
-             2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
-             link_len + id_len;
-  cell = var_cell_new(cell_len);
-  cell->command = CELL_CERTS;
-  cell->payload[0] = 2;
-  pos = 1;
-
+  certs_cell_cert_t *ccc = certs_cell_cert_new();
   if (conn_in_server_mode)
-    cell->payload[pos] = OR_CERT_TYPE_TLS_LINK; /* Link cert  */
+    ccc->cert_type = OR_CERT_TYPE_TLS_LINK; /* Link cert  */
   else
-    cell->payload[pos] = OR_CERT_TYPE_AUTH_1024; /* client authentication */
-  set_uint16(&cell->payload[pos+1], htons(link_len));
-  memcpy(&cell->payload[pos+3], link_encoded, link_len);
-  pos += 3 + link_len;
+    ccc->cert_type = OR_CERT_TYPE_AUTH_1024; /* client authentication */
+  ccc->cert_len = link_len;
+  certs_cell_cert_setlen_body(ccc, link_len);
+  memcpy(certs_cell_cert_getarray_body(ccc), link_encoded, link_len);
 
-  cell->payload[pos] = OR_CERT_TYPE_ID_1024; /* ID cert */
-  set_uint16(&cell->payload[pos+1], htons(id_len));
-  memcpy(&cell->payload[pos+3], id_encoded, id_len);
-  pos += 3 + id_len;
+  certs_cell_add_certs(certs_cell, ccc);
 
-  tor_assert(pos == (int)cell_len); /* Otherwise we just smashed the heap */
+  ccc = certs_cell_cert_new();
+  ccc->cert_type = OR_CERT_TYPE_ID_1024; /* ID cert */
+  ccc->cert_len = id_len;
+  certs_cell_cert_setlen_body(ccc, id_len);
+  memcpy(certs_cell_cert_getarray_body(ccc), id_encoded, id_len);
+
+  certs_cell_add_certs(certs_cell, ccc);
+
+  certs_cell->n_certs = certs_cell_getlen_certs(certs_cell);
+
+  ssize_t alloc_len = certs_cell_encoded_len(certs_cell);
+  tor_assert(alloc_len >= 0 && alloc_len <= UINT16_MAX);
+  cell = var_cell_new(alloc_len);
+  cell->command = CELL_CERTS;
+  ssize_t enc_len = certs_cell_encode(cell->payload, alloc_len, certs_cell);
+  tor_assert(enc_len > 0 && enc_len <= alloc_len);
+  cell->payload_len = enc_len;
 
   connection_or_write_var_cell_to_buf(cell, conn);
   var_cell_free(cell);
+  certs_cell_free(certs_cell);
 
   return 0;
 }



